Headline
CVE-2023-34064: VMSA-2023-0027
Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.
Advisory ID: VMSA-2023-0027
CVSSv3 Range: 6.3
Issue Date: 2023-12-12
Updated On: 2023-12-12 (Initial Advisory)
CVE(s): CVE-2023-34064
Synopsis: VMware Workspace ONE Launcher updates addresses privilege escalation vulnerability. (CVE-2023-34064)
****1. Impacted Products****
- VMware Workspace ONE Launcher
****2. Introduction****
A privilege escalation vulnerability in VMware Workspace ONE Launch was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
****3. Privilege Escalation Vulnerability****
Workspace ONE Launcher contains a Privilege Escalation Vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.3.
A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.
To remediate CVE-2023-34064 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
VMware would like to thank Bartek Pszczola of Defendable for reporting this issue to us.
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
VMware Workspace ONE Launcher
23.x
Android
CVE-2023-34064
6.3
moderate
23.11
N/A
None
VMware Workspace ONE Launcher
22.x
Android
CVE-2023-34064
6.3
moderate
23.11
N/A
None
****4. References****
****5. Change Log****
2023-12-12 VMSA-2023-0027
Initial security advisory.
****6. Contact****